SANS Security Awareness Culture Assessment

The SANS Security Awareness Culture Assessment focuses on the cyber security perceptions and behaviors of an organization. This assessment does not measure what people are doing, but what they are thinking.

Build Maturity

The Cybersecurity Culture Assessment Report provides an indication of where your organization lands on the Cybersecurity Maturity Model. This will help you determine what activities to conduct fully mature your security program.


Perception of Security

Measure what people believe or think about the overall role and implementation of cyber security within your organization. Do people feel security is important? Do they think their actions have an impact of security? Do people believe leadership is doing a good job on cyber security?

Security Behaviors

Are coworkers sharing passwords or taking sensitive data home? Do employees know how to report an information security incident? A learner’s ability to recognize security incidents and social engineering attacks are critical in managing your organizations overall cyber security risk. Determine what specific behaviors may be a high risk to your organization.

Don't Be a Headline

According to the latest IBM Threat Intelligence Report

  • 8.5 billion records were breached, giving attackers access to more stolen credentials.
  • 150,000 vulnerabilities disclosed to date.
  • Ransomware attacks up 67% year-over-year.

Have confidence that your security awareness program addresses the high-risk areas that will protect your organization. SANS understands organizational time constraints; leverage the SANS Security Awareness Culture Assessment to highlight high-risk behaviors within your organization that need to be addressed.